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General Information 


Metasploit is a free tool that has built in exploits 
which aids in gaining remote access to a system by 
exploiting a vulnerability in that server. 


Launch program 
Display current version 
Pull the weekly update 


msfconsole 
version 
msfupdate 


makerc <FILE.rc>Saves recent commands to file 
msfconsole -r <FILE.rc> Loads a resource file 


Using the DB 
The DB saves data found 
during exploitation. Auxiliary 


scan results, hashdumps, and 


credentials show upinthe DB. wsfdb init 


Finding an Exploit to Use 


First Time Setup 
Run from linux command line. 


service postgresql start Start DB 


Executing an Exploit 
use <MODULE> 

set payload <PAYLOAD> Set the payload 
show options Show all options 
set <OPTION> <SETTING> Seta setting 
exploit or run Execute the exploit 


Session Handling 


Set the exploit to use 


List all sessions 
Interact/attach to session 
Detach from session 


sessions -1 
sessions -i <ID> 
background or “Z 


db_status Should say connected 
hosts Show hosts in DB 
services Show ports in DB 
Initthe DB. Vvulns Show all vulns found 


Do information gathering with db_nmap and auxiliary modules. Aux mods have numerous scanners, gatherers, 
fuzzers, and tools that allow you to scan a CIDR block or single IP and will save the results in the DB. 


db_nmap -sS -A 192.168.1.100 
show auxiliary 


use auxiliary/scanner/ ftp/anonymous 


Once information is gathered on the host, look at what services or OS the host is 
running and do a search for that term. Example: if NMAP found that host is running 
‘smb’ service, run ‘search smb’ to find exploits for that service. 

search <TERM> Searches all exploits, payloads, and auxiliary modules 


show exploits Show all exploits 


show payloads Showall payloads work from within msf like ifconfig, nmap, etc. 


Meterpreter Commands 


sysinfo Show system info 
ps Show running processes 


kill <PID> Terminate a process 
getuid Show your user ID 
upload/download — Upload/download a file 
pwd / lpwd Print working directory 
cd / lcd Change directory 

cat Show contents of a file 
edit <FILE> Edit a file (vim) 

shel] Drop into a shell 
migrate <PID> Switch to another process 
hashdump Show all pw hashes (Win) 
idletime Display idle time of user 
screenshot Take a screenshot 
clearev Clear the logs 


Do port scan and OS fingerprint then add results to DB 
Show all auxiliary modules (scanners, fuzzers, proxies, etc.) 
use auxiliary/scanner/smb/smb_version Detect the SMB version in use 
Scan for anonymous FTP servers 
use auxiliary/scanner/snmp/snmp_login Scan for public SNMP strings 


Workspaces 

Each workspace is like its 
own database. Create a 
new one to have a fresh DB. 


workspace -h Help 
workspace List 
workspace -a Add 
Linux Commands Many linux commands workspace -d Delete 
workspace -r Rename 


Escalate Privileges 


use priv Load the script 
getsystem Elevate your privs 
getprivs Elevate your privs 


: _. Token Stealing (Win) ; 
use incognito Load the script 


list_tokens -u Show all tokens 
impersonate_token DOMAIN\\USER Use token 
drop_token Stop using token 
Enable port forwarding. This opens port 3388 locally which 
forwards all traffic to 3389 on the remote host: 
meterpreter> portfwd [ADD|DELETE] -L 
<LHOST> -1 3388 -r <RHOST> -p 3389 

Pivot through a session by adding a route within msf it 
allows you to exploit or scan adjacent hosts: 

msf> route add <SUBNET> <MASK> <SESSIONID> 


